> This at least suggests that the v1.7 readers need to check *all* > hashes that are offered and raise an alarm if some verify and others > don't. Is that good enough?
Isn't that what SSL/TLS does? /r$ -- STSM, DataPower CTO WebSphere Appliance Architect http://www.ibm.com/software/integration/datapower/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com